Oracle Solaris Third-Party Patch Update : flash (multiple_vulnerabilities_in_adobe_flashplayer4)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Solaris system is missing a security patch for third-party
software.

Description :

The remote Solaris system is missing necessary patches to address
security updates :

- Adobe Flash Player before 10.3.183.11 and 11.x before
11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and
before 11.1.102.59 on Android, and Adobe AIR before
3.1.0.4880, allows attackers to execute arbitrary code
or cause a denial of service (memory corruption) via
unspecified vectors, a different vulnerability than
CVE-2011-2451, CVE-2011-2452, CVE-2011-2453,
CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and
CVE-2011-2460. (CVE-2011-2445)

- Adobe Flash Player before 10.3.183.11 and 11.x before
11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and
before 11.1.102.59 on Android, and Adobe AIR before
3.1.0.4880, allows attackers to execute arbitrary code
or cause a denial of service (heap memory corruption)
via unspecified vectors. (CVE-2011-2450)

- Adobe Flash Player before 10.3.183.11 and 11.x before
11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and
before 11.1.102.59 on Android, and Adobe AIR before
3.1.0.4880, allows attackers to execute arbitrary code
or cause a denial of service (memory corruption) via
unspecified vectors, a different vulnerability than
CVE-2011-2445, CVE-2011-2452, CVE-2011-2453,
CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and
CVE-2011-2460. (CVE-2011-2451)

- Adobe Flash Player before 10.3.183.11 and 11.x before
11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and
before 11.1.102.59 on Android, and Adobe AIR before
3.1.0.4880, allows attackers to execute arbitrary code
or cause a denial of service (memory corruption) via
unspecified vectors, a different vulnerability than
CVE-2011-2445, CVE-2011-2451, CVE-2011-2453,
CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and
CVE-2011-2460. (CVE-2011-2452)

- Adobe Flash Player before 10.3.183.11 and 11.x before
11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and
before 11.1.102.59 on Android, and Adobe AIR before
3.1.0.4880, allows attackers to execute arbitrary code
or cause a denial of service (memory corruption) via
unspecified vectors, a different vulnerability than
CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,
CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and
CVE-2011-2460. (CVE-2011-2453)

- Adobe Flash Player before 10.3.183.11 and 11.x before
11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and
before 11.1.102.59 on Android, and Adobe AIR before
3.1.0.4880, allows attackers to execute arbitrary code
or cause a denial of service (memory corruption) via
unspecified vectors, a different vulnerability than
CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,
CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and
CVE-2011-2460. (CVE-2011-2454)

- Adobe Flash Player before 10.3.183.11 and 11.x before
11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and
before 11.1.102.59 on Android, and Adobe AIR before
3.1.0.4880, allows attackers to execute arbitrary code
or cause a denial of service (memory corruption) via
unspecified vectors, a different vulnerability than
CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,
CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and
CVE-2011-2460. (CVE-2011-2455)

- Buffer overflow in Adobe Flash Player before 10.3.183.11
and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux,
and Solaris and before 11.1.102.59 on Android, and Adobe
AIR before 3.1.0.4880, allows attackers to execute
arbitrary code via unspecified vectors. (CVE-2011-2456)

- Stack-based buffer overflow in Adobe Flash Player before
10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac
OS X, Linux, and Solaris and before 11.1.102.59 on
Android, and Adobe AIR before 3.1.0.4880, allows
attackers to execute arbitrary code via unspecified
vectors. (CVE-2011-2457)

- Adobe Flash Player before 10.3.183.11 and 11.x before
11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and
before 11.1.102.59 on Android, and Adobe AIR before
3.1.0.4880, when Internet Explorer is used, allows
remote attackers to bypass the cross-domain policy via a
crafted web site. (CVE-2011-2458)

- Adobe Flash Player before 10.3.183.11 and 11.x before
11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and
before 11.1.102.59 on Android, and Adobe AIR before
3.1.0.4880, allows attackers to execute arbitrary code
or cause a denial of service (memory corruption) via
unspecified vectors, a different vulnerability than
CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,
CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and
CVE-2011-2460. (CVE-2011-2459)

- Adobe Flash Player before 10.3.183.11 and 11.x before
11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and
before 11.1.102.59 on Android, and Adobe AIR before
3.1.0.4880, allows attackers to execute arbitrary code
or cause a denial of service (memory corruption) via
unspecified vectors, a different vulnerability than
CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,
CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and
CVE-2011-2459. (CVE-2011-2460)

See also :

http://www.nessus.org/u?b5f8def1
http://www.nessus.org/u?1e412d22

Solution :

Upgrade to Solaris 11/11 SRU 02.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now